[c-nsp] L2TP rate limiting for aggregate of groups of users

David Mommsen davezenith at gmail.com
Thu Jun 7 04:00:06 EDT 2012


Hi,

We're running a pair of Cisco 7401s as L2TP LNSs (L2TP over IPsec with
RADIUS AAA) plus HSRP for redundancy. It seems simple enough to apply rate
limiting for individual L2TP sessions by specifying the appropriate RADIUS
attributes, but what if we further wanted to add a rate limit for the sum of
a group of sessions, also given in RADIUS?

So, for example, is there a way to stipulate:
* user A may not exceed 1Mbps;
* user B may not exceed 1Mbps;
* user C may not exceed 5Mbps;
* user D may not exceed 5Mbps;
* user A + user B combined may not exceed 1Mbps;
* user C + user D combined may not exceed 5Mbps?

Could we perhaps set up class maps on the upstream router interface with
predefined rates and then use RADIUS to manipulate an ACL such that the
user is associated with the appropriate class map?

Rgds
-- 

David Mommsen

